Now that we’ve familiarized ourselves with the new landscape of the CCPA requirements for service providers, we can get into some of the mortgage-related specifics. In this article, we’ll cover the direct impact of the CCPA on the mortgage industry, and share how lenders are updating their processes, and policies and procedures with the required elements.

How Does the CCPA Impact Mortgage Lending?

To briefly recap, the CCPA “creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.”

Paula Tuffin, General Counsel and Chief Compliance Officer at Better, told National Mortgage News that the “CCPA refers to ‘personal information’ while GLBA refers to the more narrowly defined nonpublic information and personally identifiable financial information.”

Understanding the FCRA Exemptions

The FCRA exemption is limited and applies only when personal information in a consumer report is:

Sold to or from a consumer reporting agency

Used to generate consumer reports

Secured under the FCRA

Credit reporting agencies and businesses—that qualify as a ‘furnisher,’ one who provides consumer report information to a consumer reporting agency, or a ‘user,’ a third party recipient of the consumer report information—are exempt.

How to Implement CCPA

The BeSmartee team is actively working with clients to go live with CCPA compliant elements.

For California lenders who have shown readiness to address the regulations, “we will be adding language and disclosures, but we have not done it across the board, as the law only applies to those in California who meet the threshold,” said Corey Johnson, Chief Compliance Officer at BeSmartee.

The screen shot below is an example of a client who added a disclosure button to provide consumers with the option of deciding whether or not they want their personal information sold, satisfying best practices for usage and management of consumer personal information.

Already in the process of implementing the privacy law? We’ve provided a CCPA compliance checklist that includes six critical measures:

Conclusion

An accountability approach is crucial here, as the CCPA allows up to 45 days to act after a data breach or be faced with a fine for failure to comply with requirements. Don’t forget, a security incident under the CCPA can cost your business up to $7,500 per day.

Get started by asking yourself whether you offer an online application. If your answer is ‘yes,’ consider building a disclosure/opt-out link into the footer of your homepage, and/or updating your privacy policy to include detailed information describing where you are collecting data from and how you are managing it.

To learn more about how BeSmartee can help you implement CCPA changes, email info@besmartee.com.

Ike Suri and Adam Chaudhary of fintech firm, FundingShield, talk wire and title fraud prevention in the mortgage industry—a new target for hackers with sophisticated technology designed to sidestep internal fraud controls.
Read More.

At the helm of BeSmartee’s internal compliance and audit staff is our dedicated chief compliance officer, Corey Johnson, who has held key executive and senior-level auditing and management positions at banks and wealth management firms for more than 12 years.
Read More.